Merge "Allow adb to handle single paramter with install-multi-package flag"
diff --git a/adb/daemon/include/adbd/usb.h b/adb/daemon/include/adbd/usb.h
index 3213f69..fca3c58 100644
--- a/adb/daemon/include/adbd/usb.h
+++ b/adb/daemon/include/adbd/usb.h
@@ -43,7 +43,7 @@
bool open_new_connection = true;
int (*write)(usb_handle* h, const void* data, int len);
- int (*read)(usb_handle* h, void* data, int len);
+ int (*read)(usb_handle* h, void* data, int len, bool allow_partial);
void (*kick)(usb_handle* h);
void (*close)(usb_handle* h);
diff --git a/adb/daemon/usb_legacy.cpp b/adb/daemon/usb_legacy.cpp
index b65727a..fe80e7d 100644
--- a/adb/daemon/usb_legacy.cpp
+++ b/adb/daemon/usb_legacy.cpp
@@ -142,11 +142,12 @@
return orig_len;
}
-static int usb_ffs_read(usb_handle* h, void* data, int len) {
+static int usb_ffs_read(usb_handle* h, void* data, int len, bool allow_partial) {
D("about to read (fd=%d, len=%d)", h->bulk_out.get(), len);
char* buf = static_cast<char*>(data);
int orig_len = len;
+ unsigned count = 0;
while (len > 0) {
int read_len = std::min(USB_FFS_BULK_SIZE, len);
int n = adb_read(h->bulk_out, buf, read_len);
@@ -156,6 +157,16 @@
}
buf += n;
len -= n;
+ count += n;
+
+ // For fastbootd command such as "getvar all", len parameter is always set 64.
+ // But what we read is actually less than 64.
+ // For example, length 10 for "getvar all" command.
+ // If we get less data than expected, this means there should be no more data.
+ if (allow_partial && n < read_len) {
+ orig_len = count;
+ break;
+ }
}
D("[ done fd=%d ]", h->bulk_out.get());
@@ -221,7 +232,7 @@
}
}
-static int usb_ffs_aio_read(usb_handle* h, void* data, int len) {
+static int usb_ffs_aio_read(usb_handle* h, void* data, int len, bool allow_partial) {
return usb_ffs_do_aio(h, data, len, true);
}
@@ -299,7 +310,7 @@
}
int usb_read(usb_handle* h, void* data, int len) {
- return h->read(h, data, len);
+ return h->read(h, data, len, false /* allow_partial */);
}
int usb_close(usb_handle* h) {
diff --git a/base/include/android-base/expected.h b/base/include/android-base/expected.h
index d70e50a..2307217 100644
--- a/base/include/android-base/expected.h
+++ b/base/include/android-base/expected.h
@@ -79,6 +79,15 @@
#define _NODISCARD_
#endif
+namespace {
+template< class T >
+struct remove_cvref {
+ typedef std::remove_cv_t<std::remove_reference_t<T>> type;
+};
+template< class T >
+using remove_cvref_t = typename remove_cvref<T>::type;
+} // namespace
+
// Class expected
template<class T, class E>
class _NODISCARD_ expected {
@@ -93,7 +102,7 @@
// constructors
constexpr expected() = default;
constexpr expected(const expected& rhs) = default;
- constexpr expected(expected&& rhs) noexcept = default;
+ constexpr expected(expected&& rhs) noexcept = default;
template<class U, class G _ENABLE_IF(
std::is_constructible_v<T, const U&> &&
@@ -173,6 +182,9 @@
template<class U = T _ENABLE_IF(
std::is_constructible_v<T, U&&> &&
+ !std::is_same_v<remove_cvref_t<U>, std::in_place_t> &&
+ !std::is_same_v<expected<T, E>, remove_cvref_t<U>> &&
+ !std::is_same_v<unexpected<E>, remove_cvref_t<U>> &&
std::is_convertible_v<U&&,T> /* non-explicit */
)>
constexpr expected(U&& v)
@@ -180,6 +192,9 @@
template<class U = T _ENABLE_IF(
std::is_constructible_v<T, U&&> &&
+ !std::is_same_v<remove_cvref_t<U>, std::in_place_t> &&
+ !std::is_same_v<expected<T, E>, remove_cvref_t<U>> &&
+ !std::is_same_v<unexpected<E>, remove_cvref_t<U>> &&
!std::is_convertible_v<U&&,T> /* explicit */
)>
constexpr explicit expected(U&& v)
@@ -241,38 +256,21 @@
~expected() = default;
// assignment
-// TODO(b/132145659) enable assignment operator only when the condition
-// satisfies. SFNAIE doesn't work here because assignment operator should be
-// non-template. We could workaround this by defining a templated parent class
-// having the assignment operator. This incomplete implementation however
-// doesn't allow us to copy assign expected<T,E> even when T is non-copy
-// assignable. The copy assignment will fail by the underlying std::variant
-// anyway though the error message won't be clear.
-// std::enable_if_t<(
-// std::is_copy_assignable_v<T> &&
-// std::is_copy_constructible_v<T> &&
-// std::is_copy_assignable_v<E> &&
-// std::is_copy_constructible_v<E> &&
-// (std::is_nothrow_move_constructible_v<E> ||
-// std::is_nothrow_move_constructible_v<T>)
-// ), expected&>
- expected& operator=(const expected& rhs) {
- var_ = rhs.var_;
- return *this;
- }
-// std::enable_if_t<(
-// std::is_move_constructible_v<T> &&
-// std::is_move_assignable_v<T> &&
-// std::is_nothrow_move_constructible_v<E> &&
-// std::is_nothrow_move_assignable_v<E>
-// ), expected&>
- expected& operator=(expected&& rhs) noexcept {
- var_ = std::move(rhs.var_);
- return *this;
- }
+ // Note: SFNAIE doesn't work here because assignment operator should be
+ // non-template. We could workaround this by defining a templated parent class
+ // having the assignment operator. This incomplete implementation however
+ // doesn't allow us to copy assign expected<T,E> even when T is non-copy
+ // assignable. The copy assignment will fail by the underlying std::variant
+ // anyway though the error message won't be clear.
+ expected& operator=(const expected& rhs) = default;
+
+ // Note for SFNAIE above applies to here as well
+ expected& operator=(expected&& rhs) = default;
template<class U = T _ENABLE_IF(
!std::is_void_v<T> &&
+ !std::is_same_v<expected<T,E>, remove_cvref_t<U>> &&
+ !std::conjunction_v<std::is_scalar<T>, std::is_same<T, std::decay_t<U>>> &&
std::is_constructible_v<T,U> &&
std::is_assignable_v<T&,U> &&
std::is_nothrow_move_constructible_v<E>
@@ -283,7 +281,6 @@
}
template<class G = E>
- // TODO: std::is_nothrow_copy_constructible_v<E> && std::is_copy_assignable_v<E>
expected& operator=(const unexpected<G>& rhs) {
var_ = rhs;
return *this;
@@ -399,7 +396,7 @@
friend void swap(expected<T1, E1>&, expected<T1, E1>&) noexcept;
private:
- std::variant<value_type, unexpected_type> var_;
+ std::variant<value_type, unexpected_type> var_;
};
template<class T1, class E1, class T2, class E2>
@@ -468,7 +465,9 @@
constexpr unexpected(unexpected&&) = default;
template<class Err = E _ENABLE_IF(
- std::is_constructible_v<E, Err>
+ std::is_constructible_v<E, Err> &&
+ !std::is_same_v<remove_cvref_t<E>, std::in_place_t> &&
+ !std::is_same_v<remove_cvref_t<E>, unexpected>
)>
constexpr unexpected(Err&& e)
: val_(std::forward<Err>(e)) {}
@@ -559,7 +558,9 @@
constexpr const E&& value() const&& noexcept { return std::move(val_); }
constexpr E&& value() && noexcept { return std::move(val_); }
- void swap(unexpected& other) noexcept { std::swap(val_, other.val_); }
+ void swap(unexpected& other) noexcept(std::is_nothrow_swappable_v<E>) {
+ std::swap(val_, other.val_);
+ }
template<class E1, class E2>
friend constexpr bool
@@ -570,8 +571,9 @@
template<class E1>
friend void swap(unexpected<E1>& x, unexpected<E1>& y) noexcept(noexcept(x.swap(y)));
+
private:
- E val_;
+ E val_;
};
template<class E1, class E2>
diff --git a/fastboot/device/usb_client.cpp b/fastboot/device/usb_client.cpp
index 2f0cca7..5066046 100644
--- a/fastboot/device/usb_client.cpp
+++ b/fastboot/device/usb_client.cpp
@@ -255,7 +255,8 @@
size_t bytes_read_total = 0;
while (bytes_read_total < len) {
auto bytes_to_read = std::min(len - bytes_read_total, kFbFfsNumBufs * kFbFfsBufSize);
- auto bytes_read_now = handle_->read(handle_.get(), char_data, bytes_to_read);
+ auto bytes_read_now =
+ handle_->read(handle_.get(), char_data, bytes_to_read, true /* allow_partial */);
if (bytes_read_now < 0) {
return bytes_read_total == 0 ? -1 : bytes_read_total;
}
diff --git a/fastboot/usb_windows.cpp b/fastboot/usb_windows.cpp
index b00edb3..5a3cefc 100644
--- a/fastboot/usb_windows.cpp
+++ b/fastboot/usb_windows.cpp
@@ -195,25 +195,28 @@
ssize_t WindowsUsbTransport::Read(void* data, size_t len) {
unsigned long time_out = 0;
unsigned long read = 0;
+ size_t count = 0;
int ret;
DBG("usb_read %zu\n", len);
if (nullptr != handle_) {
- while (1) {
- int xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len;
+ while (len > 0) {
+ size_t xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len;
ret = AdbReadEndpointSync(handle_->adb_read_pipe, data, xfer, &read, time_out);
errno = GetLastError();
DBG("usb_read got: %ld, expected: %d, errno: %d\n", read, xfer, errno);
- if (ret) {
- return read;
- } else {
+ if (ret == 0) {
// assume ERROR_INVALID_HANDLE indicates we are disconnected
if (errno == ERROR_INVALID_HANDLE)
usb_kick(handle_.get());
break;
}
- // else we timed out - try again
+ count += read;
+ len -= read;
+ data = (char*)data + read;
+
+ if (xfer != read || len == 0) return count;
}
} else {
DBG("usb_read NULL handle\n");
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index a649975..ed8cce6 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -90,7 +90,7 @@
return {};
}
-bool fs_mgr_overlayfs_setup(const char*, const char*, bool* change) {
+bool fs_mgr_overlayfs_setup(const char*, const char*, bool* change, bool) {
if (change) *change = false;
return false;
}
@@ -903,7 +903,8 @@
// Returns false if setup not permitted, errno set to last error.
// If something is altered, set *change.
-bool fs_mgr_overlayfs_setup(const char* backing, const char* mount_point, bool* change) {
+bool fs_mgr_overlayfs_setup(const char* backing, const char* mount_point, bool* change,
+ bool force) {
if (change) *change = false;
auto ret = false;
if (fs_mgr_overlayfs_valid() == OverlayfsValidResult::kNotSupported) return ret;
@@ -927,7 +928,7 @@
continue;
}
save_errno = errno;
- auto verity_enabled = fs_mgr_is_verity_enabled(*it);
+ auto verity_enabled = !force && fs_mgr_is_verity_enabled(*it);
if (errno == ENOENT || errno == ENXIO) errno = save_errno;
if (verity_enabled) {
it = candidates.erase(it);
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index 6482ed3..149bee3 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -93,14 +93,14 @@
logd(id, severity, tag, file, line, message);
}
-[[noreturn]] void reboot(bool dedupe) {
- if (dedupe) {
- LOG(INFO) << "The device will now reboot to recovery and attempt un-deduplication.";
+[[noreturn]] void reboot(bool overlayfs = false) {
+ if (overlayfs) {
+ LOG(INFO) << "Successfully setup overlayfs\nrebooting device";
} else {
LOG(INFO) << "Successfully disabled verity\nrebooting device";
}
::sync();
- android::base::SetProperty(ANDROID_RB_PROPERTY, dedupe ? "reboot,recovery" : "reboot,remount");
+ android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,remount");
::sleep(60);
::exit(0); // SUCCESS
}
@@ -250,54 +250,47 @@
// Check verity and optionally setup overlayfs backing.
auto reboot_later = false;
auto user_please_reboot_later = false;
- auto uses_overlayfs = fs_mgr_overlayfs_valid() != OverlayfsValidResult::kNotSupported;
+ auto setup_overlayfs = false;
+ auto just_disabled_verity = false;
for (auto it = partitions.begin(); it != partitions.end();) {
auto& entry = *it;
auto& mount_point = entry.mount_point;
if (fs_mgr_is_verity_enabled(entry)) {
retval = VERITY_PARTITION;
+ auto ret = false;
if (android::base::GetProperty("ro.boot.vbmeta.device_state", "") != "locked") {
if (AvbOps* ops = avb_ops_user_new()) {
- auto ret = avb_user_verity_set(
+ ret = avb_user_verity_set(
ops, android::base::GetProperty("ro.boot.slot_suffix", "").c_str(),
false);
avb_ops_user_free(ops);
- if (ret) {
- LOG(WARNING) << "Disabling verity for " << mount_point;
- reboot_later = can_reboot;
- if (reboot_later) {
- // w/o overlayfs available, also check for dedupe
- if (!uses_overlayfs) {
- ++it;
- continue;
- }
- reboot(false);
- }
- user_please_reboot_later = true;
- } else if (fs_mgr_set_blk_ro(entry.blk_device, false)) {
- fec::io fh(entry.blk_device.c_str(), O_RDWR);
- if (fh && fh.set_verity_status(false)) {
- LOG(WARNING) << "Disabling verity for " << mount_point;
- reboot_later = can_reboot;
- if (reboot_later && !uses_overlayfs) {
- ++it;
- continue;
- }
- user_please_reboot_later = true;
- }
- }
+ }
+ if (!ret && fs_mgr_set_blk_ro(entry.blk_device, false)) {
+ fec::io fh(entry.blk_device.c_str(), O_RDWR);
+ ret = fh && fh.set_verity_status(false);
+ }
+ if (ret) {
+ LOG(WARNING) << "Disabling verity for " << mount_point;
+ just_disabled_verity = true;
+ reboot_later = can_reboot;
+ user_please_reboot_later = true;
}
}
- LOG(ERROR) << "Skipping " << mount_point << " for remount";
- it = partitions.erase(it);
- continue;
+ if (!ret) {
+ LOG(ERROR) << "Skipping " << mount_point << " for remount";
+ it = partitions.erase(it);
+ continue;
+ }
}
auto change = false;
errno = 0;
- if (fs_mgr_overlayfs_setup(nullptr, mount_point.c_str(), &change)) {
+ if (fs_mgr_overlayfs_setup(nullptr, mount_point.c_str(), &change, just_disabled_verity)) {
if (change) {
LOG(INFO) << "Using overlayfs for " << mount_point;
+ reboot_later = can_reboot;
+ user_please_reboot_later = true;
+ setup_overlayfs = true;
}
} else if (errno) {
PLOG(ERROR) << "Overlayfs setup for " << mount_point << " failed, skipping";
@@ -308,8 +301,8 @@
++it;
}
- if (partitions.empty()) {
- if (reboot_later) reboot(false);
+ if (partitions.empty() || just_disabled_verity) {
+ if (reboot_later) reboot(setup_overlayfs);
if (user_please_reboot_later) {
LOG(INFO) << "Now reboot your device for settings to take effect";
return 0;
@@ -389,7 +382,7 @@
retval = REMOUNT_FAILED;
}
- if (reboot_later) reboot(false);
+ if (reboot_later) reboot(setup_overlayfs);
if (user_please_reboot_later) {
LOG(INFO) << "Now reboot your device for settings to take effect";
return 0;
diff --git a/fs_mgr/include/fs_mgr_overlayfs.h b/fs_mgr/include/fs_mgr_overlayfs.h
index 6aaf1f3..9a7381f 100644
--- a/fs_mgr/include/fs_mgr_overlayfs.h
+++ b/fs_mgr/include/fs_mgr_overlayfs.h
@@ -26,7 +26,7 @@
bool fs_mgr_overlayfs_mount_all(android::fs_mgr::Fstab* fstab);
std::vector<std::string> fs_mgr_overlayfs_required_devices(android::fs_mgr::Fstab* fstab);
bool fs_mgr_overlayfs_setup(const char* backing = nullptr, const char* mount_point = nullptr,
- bool* change = nullptr);
+ bool* change = nullptr, bool force = true);
bool fs_mgr_overlayfs_teardown(const char* mount_point = nullptr, bool* change = nullptr);
bool fs_mgr_overlayfs_is_setup();
bool fs_mgr_has_shared_blocks(const std::string& mount_point, const std::string& dev);
diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh
index e6625e7..0390af3 100755
--- a/fs_mgr/tests/adb-remount-test.sh
+++ b/fs_mgr/tests/adb-remount-test.sh
@@ -33,6 +33,7 @@
## Helper Variables
##
+EMPTY=""
SPACE=" "
# A _real_ embedded tab character
TAB="`echo | tr '\n' '\t'`"
@@ -50,6 +51,9 @@
start_time=`date +%s`
ACTIVE_SLOT=
+ADB_WAIT=4m
+FASTBOOT_WAIT=2m
+
##
## Helper Functions
##
@@ -131,10 +135,30 @@
adb_logcat() {
echo "${RED}[ INFO ]${NORMAL} logcat ${@}" >&2 &&
adb logcat "${@}" </dev/null |
+ tr -d '\r' |
grep -v 'logd : logdr: UID=' |
sed -e '${/------- beginning of kernel/d}' -e 's/^[0-1][0-9]-[0-3][0-9] //'
}
+[ "USAGE: avc_check >/dev/stderr
+
+Returns: worrisome avc violations" ]
+avc_check() {
+ if ! ${overlayfs_supported:-false}; then
+ return
+ fi
+ local L=`adb_logcat -b all -v brief -d \
+ -e 'context=u:object_r:unlabeled:s0' 2>/dev/null |
+ sed -n 's/.*avc: //p' |
+ sort -u`
+ if [ -z "${L}" ]; then
+ return
+ fi
+ echo "${ORANGE}[ WARNING ]${NORMAL} unlabeled sepolicy violations:" >&2
+ echo "${L}" |
+ sed 's/^/ /' >&2
+}
+
[ "USAGE: get_property <prop>
Returns the property value" ]
@@ -173,6 +197,7 @@
Returns: true if the reboot command succeeded" ]
adb_reboot() {
+ avc_check
adb reboot remount-test </dev/null || true
sleep 2
}
@@ -240,10 +265,13 @@
Returns: waits until the device has returned for adb or optional timeout" ]
adb_wait() {
+ local start=`date +%s`
+ local duration=
local ret
if [ -n "${1}" ]; then
USB_DEVICE=`usb_devnum --next`
- echo -n ". . . waiting `format_duration ${1}`" ${ANDROID_SERIAL} ${USB_ADDRESS} ${USB_DEVICE} "${CR}"
+ duration=`format_duration ${1}`
+ echo -n ". . . waiting ${duration}" ${ANDROID_SERIAL} ${USB_ADDRESS} ${USB_DEVICE} "${CR}"
timeout --preserve-status --signal=KILL ${1} adb wait-for-device 2>/dev/null
ret=${?}
echo -n " ${CR}"
@@ -258,9 +286,45 @@
echo "${ORANGE}[ WARNING ]${NORMAL} Active slot changed from ${ACTIVE_SLOT} to ${active_slot}" >&2
fi
fi
+ local end=`date +%s`
+ local diff_time=`expr ${end} - ${start}`
+ local _print_time=${print_time}
+ if [ ${diff_time} -lt 15 ]; then
+ _print_time=false
+ fi
+ diff_time=`format_duration ${diff_time}`
+ if [ "${diff_time}" = "${duration}" ]; then
+ _print_time=false
+ fi
+
+ local reason=
+ if inAdb; then
+ reason=`get_property ro.boot.bootreason`
+ fi
+ case ${reason} in
+ reboot*)
+ reason=
+ ;;
+ ${EMPTY})
+ ;;
+ *)
+ reason=" for boot reason ${reason}"
+ ;;
+ esac
+ if ${_print_time} || [ -n "${reason}" ]; then
+ echo "${BLUE}[ INFO ]${NORMAL} adb wait duration ${diff_time}${reason}"
+ fi >&2
+
return ${ret}
}
+[ "USAGE: adb_user > /dev/stdout
+
+Returns: the adb daemon user" ]
+adb_user() {
+ adb_sh echo '${USER}' </dev/null
+}
+
[ "USAGE: usb_status > stdout 2> stderr
Assumes referenced right after adb_wait or fastboot_wait failued.
@@ -276,7 +340,7 @@
elif inRecovery; then
echo "(In recovery mode)"
elif inAdb; then
- echo "(In adb mode)"
+ echo "(In adb mode `adb_user`)"
else
echo "(USB stack borken for ${USB_ADDRESS})"
USB_DEVICE=`usb_devnum`
@@ -366,17 +430,68 @@
inFastboot || inAdb || inRecovery
}
+wait_for_screen_timeout=900
+[ "USAGE: wait_for_screen [-n] [TIMEOUT]
+
+-n - echo newline at exit
+TIMEOUT - default `format_duration ${wait_for_screen_timeout}`" ]
+wait_for_screen() {
+ exit_function=true
+ if [ X"-n" = X"${1}" ]; then
+ exit_function=echo
+ shift
+ fi
+ timeout=${wait_for_screen_timeout}
+ if [ ${#} -gt 0 ]; then
+ timeout=${1}
+ shift
+ fi
+ counter=0
+ while true; do
+ if inFastboot; then
+ fastboot reboot
+ elif inAdb; then
+ if [ 0 != ${counter} ]; then
+ adb_wait
+ fi
+ if [ -n "`get_property sys.boot.reason`" ]
+ then
+ vals=`get_property |
+ sed -n 's/[[]sys[.]\(boot_completed\|logbootcomplete\)[]]: [[]\([01]\)[]]$/\1=\2/p'`
+ if [ "${vals}" = "`echo boot_completed=1 ; echo logbootcomplete=1`" ]
+ then
+ sleep 1
+ break
+ fi
+ if [ "${vals}" = "`echo logbootcomplete=1 ; echo boot_completed=1`" ]
+ then
+ sleep 1
+ break
+ fi
+ fi
+ fi
+ counter=`expr ${counter} + 1`
+ if [ ${counter} -gt ${timeout} ]; then
+ ${exit_function}
+ echo "ERROR: wait_for_screen() timed out (`format_duration ${timeout}`)" >&2
+ return 1
+ fi
+ sleep 1
+ done
+ ${exit_function}
+}
+
[ "USAGE: adb_root
NB: This can be flakey on devices due to USB state
Returns: true if device in root state" ]
adb_root() {
- [ root != "`adb_sh echo '${USER}' </dev/null`" ] || return 0
+ [ root != "`adb_user`" ] || return 0
adb root >/dev/null </dev/null 2>/dev/null
sleep 2
- adb_wait 2m &&
- [ root = "`adb_sh echo '${USER}' </dev/null`" ]
+ adb_wait ${ADB_WAIT} &&
+ [ root = "`adb_user`" ]
}
[ "USAGE: adb_unroot
@@ -385,11 +500,11 @@
Returns: true if device in un root state" ]
adb_unroot() {
- [ root = "`adb_sh echo '${USER}' </dev/null`" ] || return 0
+ [ root = "`adb_user`" ] || return 0
adb unroot >/dev/null </dev/null 2>/dev/null
sleep 2
- adb_wait 2m &&
- [ root != "`adb_sh echo '${USER}' </dev/null`" ]
+ adb_wait ${ADB_WAIT} &&
+ [ root != "`adb_user`" ]
}
[ "USAGE: fastboot_getvar var expected >/dev/stderr
@@ -540,6 +655,30 @@
return 0
}
+[ "USAGE: EXPECT_NE <lval> <rval> [--warning [message]]
+
+Returns true if lval matches rval" ]
+EXPECT_NE() {
+ local lval="${1}"
+ local rval="${2}"
+ shift 2
+ local error=1
+ local prefix="${RED}[ ERROR ]${NORMAL}"
+ if [ X"${1}" = X"--warning" ]; then
+ prefix="${RED}[ WARNING ]${NORMAL}"
+ error=0
+ shift 1
+ fi
+ if [ X"${rval}" = X"${lval}" ]; then
+ echo "${prefix} did not expect \"${lval}\" ${*}" >&2
+ return ${error}
+ fi
+ if [ -n "${*}" ] ; then
+ echo "${prefix} ok \"${lval}\" not \"${rval}\" ${*}" >&2
+ fi
+ return 0
+}
+
[ "USAGE: check_eq <lval> <rval> [--warning [message]]
Exits if (regex) lval mismatches rval" ]
@@ -555,6 +694,21 @@
die "${@}"
}
+[ "USAGE: check_ne <lval> <rval> [--warning [message]]
+
+Exits if lval matches rval" ]
+check_ne() {
+ local lval="${1}"
+ local rval="${2}"
+ shift 2
+ if [ X"${1}" = X"--warning" ]; then
+ EXPECT_NE "${lval}" "${rval}" ${*}
+ return
+ fi
+ EXPECT_NE "${lval}" "${rval}" ||
+ die "${@}"
+}
+
[ "USAGE: skip_administrative_mounts [data] < /proc/mounts
Filters out all administrative (eg: sysfs) mounts uninteresting to the test" ]
@@ -645,7 +799,7 @@
inRecovery && die "device in recovery mode"
if ! inAdb; then
echo "${ORANGE}[ WARNING ]${NORMAL} device not in adb mode" >&2
- adb_wait 2m
+ adb_wait ${ADB_WAIT}
fi
inAdb || die "specified device not in adb mode"
isDebuggable || die "device not a debug build"
@@ -697,6 +851,8 @@
esac
done
+# If reboot too soon after fresh flash, could trip device update failure logic
+wait_for_screen
# Can we test remount -R command?
overlayfs_supported=true
if [ "orange" = "`get_property ro.boot.verifiedbootstate`" -a \
@@ -705,19 +861,20 @@
${overlayfs_supported} || return 0
inFastboot &&
fastboot reboot &&
- adb_wait 2m
+ adb_wait ${ADB_WAIT}
inAdb &&
adb_root &&
adb enable-verity >/dev/null 2>/dev/null &&
adb_reboot &&
- adb_wait 2m
+ adb_wait ${ADB_WAIT}
}
echo "${GREEN}[ RUN ]${NORMAL} Testing adb shell su root remount -R command" >&2
+ avc_check
adb_su remount -R system </dev/null || true
sleep 2
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
die "waiting for device after remount -R `usb_status`"
if [ "orange" != "`get_property ro.boot.verifiedbootstate`" -o \
"2" = "`get_property partition.system.verified`" ]; then
@@ -775,7 +932,7 @@
if ${reboot}; then
echo "${ORANGE}[ WARNING ]${NORMAL} rebooting before test" >&2
adb_reboot &&
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
die "lost device after reboot after wipe `usb_status`"
adb_root ||
die "lost device after elevation to root after wipe `usb_status`"
@@ -806,6 +963,15 @@
echo "${D}"
if [ X"${D}" = X"${D##* 100[%] }" ] && ${no_dedupe} ; then
overlayfs_needed=false
+ # if device does not need overlays, then adb enable-verity will brick device
+ restore() {
+ ${overlayfs_supported} || return 0
+ inFastboot &&
+ fastboot reboot &&
+ adb_wait ${ADB_WAIT}
+ inAdb &&
+ adb_wait ${ADB_WAIT}
+ }
elif ! ${overlayfs_supported}; then
die "need overlayfs, but do not have it"
fi
@@ -840,7 +1006,7 @@
echo "${GREEN}[ INFO ]${NORMAL} rebooting as requested" >&2
L=`adb_logcat -b all -v nsec -t ${T} 2>&1`
adb_reboot &&
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
die "lost device after reboot requested `usb_status`"
adb_root ||
die "lost device after elevation to root `usb_status`"
@@ -881,6 +1047,11 @@
echo "${GREEN}[ RUN ]${NORMAL} remount" >&2
+# Feed log with selinux denials as baseline before overlays
+adb_unroot
+adb_sh find /system /vendor </dev/null >/dev/null 2>/dev/null
+adb_root
+
D=`adb remount 2>&1`
ret=${?}
echo "${D}"
@@ -981,6 +1152,26 @@
B="`adb_cat /vendor/hello`" ||
die "vendor hello"
check_eq "${A}" "${B}" /vendor before reboot
+SYSTEM_DEVT=`adb_sh stat --format=%D /system/hello </dev/null`
+VENDOR_DEVT=`adb_sh stat --format=%D /vendor/hello </dev/null`
+SYSTEM_INO=`adb_sh stat --format=%i /system/hello </dev/null`
+VENDOR_INO=`adb_sh stat --format=%i /vendor/hello </dev/null`
+BASE_SYSTEM_DEVT=`adb_sh stat --format=%D /system/bin/stat </dev/null`
+BASE_VENDOR_DEVT=`adb_sh stat --format=%D /vendor/bin/stat </dev/null`
+check_eq "${SYSTEM_DEVT%[0-9a-fA-F][0-9a-fA-F]}" "${VENDOR_DEVT%[0-9a-fA-F][0-9a-fA-F]}" vendor and system devt
+check_ne "${SYSTEM_INO}" "${VENDOR_INO}" vendor and system inode
+if ${overlayfs_needed}; then
+ check_ne "${SYSTEM_DEVT}" "${BASE_SYSTEM_DEVT}" system devt
+ check_ne "${VENDOR_DEVT}" "${BASE_VENDOR_DEVT}" vendor devt
+else
+ check_eq "${SYSTEM_DEVT}" "${BASE_SYSTEM_DEVT}" system devt
+ check_eq "${VENDOR_DEVT}" "${BASE_VENDOR_DEVT}" vendor devt
+fi
+check_ne "${BASE_SYSTEM_DEVT}" "${BASE_VENDOR_DEVT}" --warning system/vendor devt
+[ -n "${SYSTEM_DEVT%[0-9a-fA-F][0-9a-fA-F]}" ] ||
+ die "system devt ${SYSTEM_DEVT} is major 0"
+[ -n "${VENDOR_DEVT%[0-9a-fA-F][0-9a-fA-F]}" ] ||
+ die "vendor devt ${SYSTEM_DEVT} is major 0"
# Download libc.so, append some gargage, push back, and check if the file
# is updated.
@@ -1005,11 +1196,11 @@
inRecovery || return 1
echo "${ORANGE}[ ERROR ]${NORMAL} Device in recovery" >&2
adb reboot </dev/null
- adb_wait 2m
+ adb_wait ${ADB_WAIT}
}
adb_reboot &&
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
fixup_from_recovery ||
die "reboot after override content added failed `usb_status`"
@@ -1033,6 +1224,9 @@
B="`adb_cat /vendor/hello 2>&1`"
check_eq "cat: /vendor/hello: Permission denied" "${B}" vendor after reboot w/o root
echo "${GREEN}[ OK ]${NORMAL} /vendor content correct MAC after reboot" >&2
+ # Feed unprivileged log with selinux denials as a result of overlays
+ wait_for_screen
+ adb_sh find /system /vendor </dev/null >/dev/null 2>/dev/null
fi
B="`adb_cat /system/hello`"
check_eq "${A}" "${B}" /system after reboot
@@ -1044,6 +1238,17 @@
check_eq "${A}" "${B}" vendor after reboot
echo "${GREEN}[ OK ]${NORMAL} /vendor content remains after reboot" >&2
+check_eq "${SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/hello </dev/null`" system devt after reboot
+check_eq "${VENDOR_DEVT}" "`adb_sh stat --format=%D /vendor/hello </dev/null`" vendor devt after reboot
+check_eq "${SYSTEM_INO}" "`adb_sh stat --format=%i /system/hello </dev/null`" system inode after reboot
+check_eq "${VENDOR_INO}" "`adb_sh stat --format=%i /vendor/hello </dev/null`" vendor inode after reboot
+check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/bin/stat </dev/null`" base system devt after reboot
+check_eq "${BASE_VENDOR_DEVT}" "`adb_sh stat --format=%D /vendor/bin/stat </dev/null`" base system devt after reboot
+check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/xbin/su </dev/null`" devt for su after reboot
+
+# Feed log with selinux denials as a result of overlays
+adb_sh find /system /vendor </dev/null >/dev/null 2>/dev/null
+
# Check if the updated libc.so is persistent after reboot.
adb_root &&
adb pull /system/lib/bootstrap/libc.so ${tempdir}/libc.so.fromdevice >/dev/null ||
@@ -1073,10 +1278,17 @@
echo "${ORANGE}[ WARNING ]${NORMAL} wrong vendor image, skipping"
elif [ -z "${ANDROID_HOST_OUT}" ]; then
echo "${ORANGE}[ WARNING ]${NORMAL} please run lunch, skipping"
+elif ! (
+ adb_cat /vendor/build.prop |
+ cmp -s ${ANDROID_PRODUCT_OUT}/vendor/build.prop
+ ) >/dev/null 2>/dev/null; then
+ echo "${ORANGE}[ WARNING ]${NORMAL} vendor image signature mismatch, skipping"
else
+ wait_for_screen
+ avc_check
adb reboot fastboot </dev/null ||
die "fastbootd not supported (wrong adb in path?)"
- any_wait 2m &&
+ any_wait ${ADB_WAIT} &&
inFastboot ||
die "reboot into fastboot to flash vendor `usb_status` (bad bootloader?)"
fastboot flash vendor ||
@@ -1117,9 +1329,9 @@
fastboot reboot ||
die "can not reboot out of fastboot"
echo "${ORANGE}[ WARNING ]${NORMAL} adb after fastboot"
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
fixup_from_recovery ||
- die "did not reboot after flash `usb_status`"
+ die "did not reboot after formatting ${scratch_cpartition} `usb_status`"
if ${overlayfs_needed}; then
adb_root &&
D=`adb_sh df -k </dev/null` &&
@@ -1150,8 +1362,15 @@
check_eq "cat: /vendor/hello: No such file or directory" "${B}" \
--warning vendor content after flash vendor
fi
+
+ check_eq "${SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/hello </dev/null`" system devt after reboot
+ check_eq "${SYSTEM_INO}" "`adb_sh stat --format=%i /system/hello </dev/null`" system inode after reboot
+ check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/bin/stat </dev/null`" base system devt after reboot
+ check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/xbin/su </dev/null`" devt for su after reboot
+
fi
+wait_for_screen
echo "${GREEN}[ RUN ]${NORMAL} remove test content (cleanup)" >&2
T=`adb_date`
@@ -1163,7 +1382,7 @@
echo "${ORANGE}[ WARNING ]${NORMAL} adb remount requires a reboot after partial flash (legacy avb)"
L=`adb_logcat -b all -v nsec -t ${T} 2>&1`
adb_reboot &&
- adb_wait 2m &&
+ adb_wait ${ADB_WAIT} &&
adb_root ||
die "failed to reboot"
T=`adb_date`
@@ -1185,6 +1404,7 @@
echo "${GREEN}[ RUN ]${NORMAL} test fastboot flash to ${scratch_partition} recovery" >&2
+ avc_check
adb reboot fastboot </dev/null ||
die "Reboot into fastbootd"
img=${TMPDIR}/adb-remount-test-${$}.img
@@ -1192,7 +1412,7 @@
rm ${img}
}
dd if=/dev/zero of=${img} bs=4096 count=16 2>/dev/null &&
- fastboot_wait 2m ||
+ fastboot_wait ${FASTBOOT_WAIT} ||
die "reboot into fastboot `usb_status`"
fastboot flash --force ${scratch_partition} ${img}
err=${?}
@@ -1204,9 +1424,9 @@
die "can not reboot out of fastboot"
[ 0 -eq ${err} ] ||
die "fastboot flash ${scratch_partition}"
- adb_wait 2m &&
+ adb_wait ${ADB_WAIT} &&
adb_root ||
- die "did not reboot after flash"
+ die "did not reboot after flashing empty ${scratch_partition} `usb_status`"
T=`adb_date`
D=`adb disable-verity 2>&1`
err=${?}
@@ -1214,7 +1434,7 @@
then
echo "${ORANGE}[ WARNING ]${NORMAL} adb disable-verity requires a reboot after partial flash"
adb_reboot &&
- adb_wait 2m &&
+ adb_wait ${ADB_WAIT} &&
adb_root ||
die "failed to reboot"
T=`adb_date`
@@ -1252,12 +1472,12 @@
fastboot --set-active=${ACTIVE_SLOT}
fi
fastboot reboot
- adb_wait 2m
+ adb_wait ${ADB_WAIT}
}
# Prerequisite is a prepped device from above.
adb_reboot &&
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
fixup_from_fastboot ||
die "lost device after reboot to ro state `usb_status`"
adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null &&
@@ -1270,7 +1490,7 @@
# Prerequisite is a prepped device from above.
adb_reboot &&
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
fixup_from_fastboot ||
die "lost device after reboot to ro state `usb_status`"
adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null &&
@@ -1291,27 +1511,35 @@
die "/${d}/overlay wipe"
done
adb_reboot &&
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
fixup_from_fastboot ||
die "lost device after reboot after wipe `usb_status`"
adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null &&
die "/vendor is not read-only"
adb_su remount vendor </dev/null ||
die "remount command"
+adb_su df -k </dev/null | skip_unrelated_mounts
adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null ||
die "/vendor is not read-write"
-adb_sh grep " /system .* rw," /proc/mounts >/dev/null </dev/null &&
+adb_sh grep " \(/system\|/\) .* rw," /proc/mounts >/dev/null </dev/null &&
die "/system is not read-only"
echo "${GREEN}[ OK ]${NORMAL} remount command works from scratch" >&2
-restore
-err=${?}
+if ! restore; then
+ restore() {
+ true
+ }
+ die "failed to restore verity after remount from scratch test"
+fi
-if [ ${err} = 0 ] && ${overlayfs_supported}; then
+err=0
+
+if ${overlayfs_supported}; then
echo "${GREEN}[ RUN ]${NORMAL} test 'adb remount -R'" >&2
+ avc_check
adb_root &&
adb remount -R &&
- adb_wait 2m ||
+ adb_wait ${ADB_WAIT} ||
die "adb remount -R"
if [ "orange" != "`get_property ro.boot.verifiedbootstate`" -o \
"2" = "`get_property partition.system.verified`" ]; then
@@ -1329,7 +1557,7 @@
}
[ ${err} = 0 ] ||
- die "failed to restore verity" >&2
+ die "failed to restore verity"
echo "${GREEN}[ PASSED ]${NORMAL} adb remount" >&2
diff --git a/init/Android.bp b/init/Android.bp
index 383a69d..eaa7fd7 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -68,6 +68,7 @@
"libpropertyinfoparser",
],
shared_libs: [
+ "libbacktrace",
"libbase",
"libbinder",
"libbootloader_message",
@@ -123,8 +124,10 @@
"reboot.cpp",
"reboot_utils.cpp",
"security.cpp",
+ "selabel.cpp",
"selinux.cpp",
"service.cpp",
+ "service_utils.cpp",
"sigchld_handler.cpp",
"subcontext.cpp",
"subcontext.proto",
@@ -257,6 +260,7 @@
"rlimit_parser.cpp",
"tokenizer.cpp",
"service.cpp",
+ "service_utils.cpp",
"subcontext.cpp",
"subcontext.proto",
"util.cpp",
diff --git a/init/Android.mk b/init/Android.mk
index b02c926..0a3e8c7 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -52,6 +52,7 @@
first_stage_mount.cpp \
mount_namespace.cpp \
reboot_utils.cpp \
+ selabel.cpp \
selinux.cpp \
switch_root.cpp \
uevent_listener.cpp \
@@ -105,6 +106,10 @@
libcap \
libgsi \
libcom.android.sysprop.apex \
+ liblzma \
+ libdexfile_support \
+ libunwindstack \
+ libbacktrace \
LOCAL_SANITIZE := signed-integer-overflow
# First stage init is weird: it may start without stdout/stderr, and no /proc.
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 840f2d4..e9d58c6 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -70,6 +70,7 @@
#include "property_service.h"
#include "reboot.h"
#include "rlimit_parser.h"
+#include "selabel.h"
#include "selinux.h"
#include "service.h"
#include "subcontext.h"
diff --git a/init/devices.cpp b/init/devices.cpp
index 159c75e..5e760d0 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp
@@ -36,7 +36,7 @@
#include <selinux/android.h>
#include <selinux/selinux.h>
-#include "selinux.h"
+#include "selabel.h"
#include "util.h"
#ifdef _INIT_INIT_H
diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
index 7dd3ad4..5d64f41 100644
--- a/init/first_stage_init.cpp
+++ b/init/first_stage_init.cpp
@@ -33,7 +33,6 @@
#include <android-base/chrono_utils.h>
#include <android-base/file.h>
#include <android-base/logging.h>
-#include <cutils/android_reboot.h>
#include <private/android_filesystem_config.h>
#include "debug_ramdisk.h"
@@ -168,13 +167,10 @@
"mode=0755,uid=0,gid=0"));
#undef CHECKCALL
+ SetStdioToDevNull(argv);
// Now that tmpfs is mounted on /dev and we have /dev/kmsg, we can actually
// talk to the outside world...
- // We need to set up stdin/stdout/stderr for child processes forked from first
- // stage init as part of the mount process. This closes /dev/console if the
- // kernel had previously opened it.
- auto reboot_bootloader = [](const char*) { RebootSystem(ANDROID_RB_RESTART2, "bootloader"); };
- InitKernelLogging(argv, reboot_bootloader);
+ InitKernelLogging(argv);
if (!errors.empty()) {
for (const auto& [error_string, error_errno] : errors) {
diff --git a/init/host_init_stubs.h b/init/host_init_stubs.h
index 63ceead..f6e9676 100644
--- a/init/host_init_stubs.h
+++ b/init/host_init_stubs.h
@@ -44,6 +44,12 @@
uint32_t HandlePropertySet(const std::string& name, const std::string& value,
const std::string& source_context, const ucred& cr, std::string* error);
+// reboot_utils.h
+inline void SetFatalRebootTarget() {}
+inline void __attribute__((noreturn)) InitFatalReboot() {
+ abort();
+}
+
// selinux.h
int SelinuxGetVendorAndroidVersion();
void SelabelInitialize();
diff --git a/init/init.cpp b/init/init.cpp
index 0615d44..8ce96f6 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -39,7 +39,6 @@
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
-#include <cutils/android_reboot.h>
#include <fs_avb/fs_avb.h>
#include <fs_mgr_vendor_overlay.h>
#include <keyutils.h>
@@ -66,6 +65,7 @@
#include "reboot.h"
#include "reboot_utils.h"
#include "security.h"
+#include "selabel.h"
#include "selinux.h"
#include "sigchld_handler.h"
#include "util.h"
@@ -605,17 +605,6 @@
}
}
-static void InitAborter(const char* abort_message) {
- // When init forks, it continues to use this aborter for LOG(FATAL), but we want children to
- // simply abort instead of trying to reboot the system.
- if (getpid() != 1) {
- android::base::DefaultAborter(abort_message);
- return;
- }
-
- RebootSystem(ANDROID_RB_RESTART2, "bootloader");
-}
-
static void GlobalSeccomp() {
import_kernel_cmdline(false, [](const std::string& key, const std::string& value,
bool in_qemu) {
@@ -663,8 +652,8 @@
boot_clock::time_point start_time = boot_clock::now();
- // We need to set up stdin/stdout/stderr again now that we're running in init's context.
- InitKernelLogging(argv, InitAborter);
+ SetStdioToDevNull(argv);
+ InitKernelLogging(argv);
LOG(INFO) << "init second stage started!";
// Set init and its forked children's oom_adj.
diff --git a/init/mount_namespace.cpp b/init/mount_namespace.cpp
index 5305dc7..12144c1 100644
--- a/init/mount_namespace.cpp
+++ b/init/mount_namespace.cpp
@@ -79,6 +79,38 @@
return updatable;
}
+static bool ActivateFlattenedApexesIfPossible() {
+ if (IsRecoveryMode() || IsApexUpdatable()) {
+ return true;
+ }
+
+ constexpr const char kSystemApex[] = "/system/apex";
+ constexpr const char kApexTop[] = "/apex";
+ if (mount(kSystemApex, kApexTop, nullptr, MS_BIND, nullptr) != 0) {
+ PLOG(ERROR) << "Could not bind mount " << kSystemApex << " to " << kApexTop;
+ return false;
+ }
+
+ // Special casing for the runtime APEX
+ constexpr const char kRuntimeApexMountPath[] = "/system/apex/com.android.runtime";
+ static const std::vector<std::string> kRuntimeApexDirNames = {"com.android.runtime.release",
+ "com.android.runtime.debug"};
+ bool success = false;
+ for (const auto& name : kRuntimeApexDirNames) {
+ std::string path = std::string(kSystemApex) + "/" + name;
+ if (access(path.c_str(), F_OK) == 0) {
+ if (mount(path.c_str(), kRuntimeApexMountPath, nullptr, MS_BIND, nullptr) == 0) {
+ success = true;
+ break;
+ }
+ }
+ }
+ if (!success) {
+ PLOG(ERROR) << "Failed to bind mount the runtime APEX to " << kRuntimeApexMountPath;
+ }
+ return success;
+}
+
static android::base::unique_fd bootstrap_ns_fd;
static android::base::unique_fd default_ns_fd;
@@ -129,6 +161,8 @@
default_ns_id = GetMountNamespaceId();
}
+ success &= ActivateFlattenedApexesIfPossible();
+
LOG(INFO) << "SetupMountNamespaces done";
return success;
}
diff --git a/init/reboot_utils.cpp b/init/reboot_utils.cpp
index 9610304..d1a712f 100644
--- a/init/reboot_utils.cpp
+++ b/init/reboot_utils.cpp
@@ -19,14 +19,40 @@
#include <sys/syscall.h>
#include <unistd.h>
-#include <android-base/logging.h>
-#include <cutils/android_reboot.h>
+#include <string>
+
+#include "android-base/file.h"
+#include "android-base/logging.h"
+#include "android-base/strings.h"
+#include "backtrace/Backtrace.h"
+#include "cutils/android_reboot.h"
#include "capabilities.h"
namespace android {
namespace init {
+static std::string init_fatal_reboot_target = "bootloader";
+
+void SetFatalRebootTarget() {
+ std::string cmdline;
+ android::base::ReadFileToString("/proc/cmdline", &cmdline);
+ cmdline = android::base::Trim(cmdline);
+
+ const char kRebootTargetString[] = "androidboot.init_fatal_reboot_target=";
+ auto start_pos = cmdline.find(kRebootTargetString);
+ if (start_pos == std::string::npos) {
+ return; // We already default to bootloader if no setting is provided.
+ }
+ start_pos += sizeof(kRebootTargetString) - 1;
+
+ auto end_pos = cmdline.find(' ', start_pos);
+ // if end_pos isn't found, then we've run off the end, but this is okay as this is the last
+ // entry, and -1 is a valid size for string::substr();
+ auto size = end_pos == std::string::npos ? -1 : end_pos - start_pos;
+ init_fatal_reboot_target = cmdline.substr(start_pos, size);
+}
+
bool IsRebootCapable() {
if (!CAP_IS_SUPPORTED(CAP_SYS_BOOT)) {
PLOG(WARNING) << "CAP_SYS_BOOT is not supported";
@@ -75,6 +101,32 @@
abort();
}
+void __attribute__((noreturn)) InitFatalReboot() {
+ auto pid = fork();
+
+ if (pid == -1) {
+ // Couldn't fork, don't even try to backtrace, just reboot.
+ RebootSystem(ANDROID_RB_RESTART2, init_fatal_reboot_target);
+ } else if (pid == 0) {
+ // Fork a child for safety, since we always want to shut down if something goes wrong, but
+ // its worth trying to get the backtrace, even in the signal handler, since typically it
+ // does work despite not being async-signal-safe.
+ sleep(5);
+ RebootSystem(ANDROID_RB_RESTART2, init_fatal_reboot_target);
+ }
+
+ // In the parent, let's try to get a backtrace then shutdown.
+ std::unique_ptr<Backtrace> backtrace(
+ Backtrace::Create(BACKTRACE_CURRENT_PROCESS, BACKTRACE_CURRENT_THREAD));
+ if (!backtrace->Unwind(0)) {
+ LOG(ERROR) << __FUNCTION__ << ": Failed to unwind callstack.";
+ }
+ for (size_t i = 0; i < backtrace->NumFrames(); i++) {
+ LOG(ERROR) << backtrace->FormatFrameData(i);
+ }
+ RebootSystem(ANDROID_RB_RESTART2, init_fatal_reboot_target);
+}
+
void InstallRebootSignalHandlers() {
// Instead of panic'ing the kernel as is the default behavior when init crashes,
// we prefer to reboot to bootloader on development builds, as this will prevent
@@ -94,7 +146,7 @@
// RebootSystem uses syscall() which isn't actually async-signal-safe, but our only option
// and probably good enough given this is already an error case and only enabled for
// development builds.
- RebootSystem(ANDROID_RB_RESTART2, "bootloader");
+ InitFatalReboot();
};
action.sa_flags = SA_RESTART;
sigaction(SIGABRT, &action, nullptr);
diff --git a/init/reboot_utils.h b/init/reboot_utils.h
index 073a16a..3fd969e 100644
--- a/init/reboot_utils.h
+++ b/init/reboot_utils.h
@@ -21,11 +21,13 @@
namespace android {
namespace init {
+void SetFatalRebootTarget();
// Determines whether the system is capable of rebooting. This is conservative,
// so if any of the attempts to determine this fail, it will still return true.
bool IsRebootCapable();
// This is a wrapper around the actual reboot calls.
void __attribute__((noreturn)) RebootSystem(unsigned int cmd, const std::string& reboot_target);
+void __attribute__((noreturn)) InitFatalReboot();
void InstallRebootSignalHandlers();
} // namespace init
diff --git a/init/selabel.cpp b/init/selabel.cpp
new file mode 100644
index 0000000..daeb832
--- /dev/null
+++ b/init/selabel.cpp
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "selabel.h"
+
+#include <selinux/android.h>
+
+namespace android {
+namespace init {
+
+namespace {
+
+selabel_handle* sehandle = nullptr;
+}
+
+// selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
+// its value. selinux_android_restorecon() also needs an sehandle for file context look up. It
+// will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
+// one, thus eliminating an extra call to selinux_android_file_context_handle().
+void SelabelInitialize() {
+ sehandle = selinux_android_file_context_handle();
+ selinux_android_set_sehandle(sehandle);
+}
+
+// A C++ wrapper around selabel_lookup() using the cached sehandle.
+// If sehandle is null, this returns success with an empty context.
+bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
+ result->clear();
+
+ if (!sehandle) return true;
+
+ char* context;
+ if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
+ return false;
+ }
+ *result = context;
+ free(context);
+ return true;
+}
+
+// A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
+// If sehandle is null, this returns success with an empty context.
+bool SelabelLookupFileContextBestMatch(const std::string& key,
+ const std::vector<std::string>& aliases, int type,
+ std::string* result) {
+ result->clear();
+
+ if (!sehandle) return true;
+
+ std::vector<const char*> c_aliases;
+ for (const auto& alias : aliases) {
+ c_aliases.emplace_back(alias.c_str());
+ }
+ c_aliases.emplace_back(nullptr);
+
+ char* context;
+ if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
+ return false;
+ }
+ *result = context;
+ free(context);
+ return true;
+}
+
+} // namespace init
+} // namespace android
diff --git a/init/selabel.h b/init/selabel.h
new file mode 100644
index 0000000..5d590b2
--- /dev/null
+++ b/init/selabel.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <vector>
+
+namespace android {
+namespace init {
+
+void SelabelInitialize();
+bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
+bool SelabelLookupFileContextBestMatch(const std::string& key,
+ const std::vector<std::string>& aliases, int type,
+ std::string* result);
+
+} // namespace init
+} // namespace android
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 8a63363..54be086 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -60,7 +60,6 @@
#include <android-base/logging.h>
#include <android-base/parseint.h>
#include <android-base/unique_fd.h>
-#include <cutils/android_reboot.h>
#include <fs_avb/fs_avb.h>
#include <selinux/android.h>
@@ -80,8 +79,6 @@
namespace {
-selabel_handle* sehandle = nullptr;
-
enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };
EnforcingStatus StatusFromCmdline() {
@@ -522,9 +519,7 @@
// This function initializes SELinux then execs init to run in the init SELinux context.
int SetupSelinux(char** argv) {
- android::base::InitLogging(argv, &android::base::KernelLogger, [](const char*) {
- RebootSystem(ANDROID_RB_RESTART2, "bootloader");
- });
+ InitKernelLogging(argv);
if (REBOOT_BOOTLOADER_ON_PANIC) {
InstallRebootSignalHandlers();
@@ -557,54 +552,5 @@
return 1;
}
-// selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
-// its value. selinux_android_restorecon() also needs an sehandle for file context look up. It
-// will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
-// one, thus eliminating an extra call to selinux_android_file_context_handle().
-void SelabelInitialize() {
- sehandle = selinux_android_file_context_handle();
- selinux_android_set_sehandle(sehandle);
-}
-
-// A C++ wrapper around selabel_lookup() using the cached sehandle.
-// If sehandle is null, this returns success with an empty context.
-bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
- result->clear();
-
- if (!sehandle) return true;
-
- char* context;
- if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
- return false;
- }
- *result = context;
- free(context);
- return true;
-}
-
-// A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
-// If sehandle is null, this returns success with an empty context.
-bool SelabelLookupFileContextBestMatch(const std::string& key,
- const std::vector<std::string>& aliases, int type,
- std::string* result) {
- result->clear();
-
- if (!sehandle) return true;
-
- std::vector<const char*> c_aliases;
- for (const auto& alias : aliases) {
- c_aliases.emplace_back(alias.c_str());
- }
- c_aliases.emplace_back(nullptr);
-
- char* context;
- if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
- return false;
- }
- *result = context;
- free(context);
- return true;
-}
-
} // namespace init
} // namespace android
diff --git a/init/selinux.h b/init/selinux.h
index c7d6647..63ad470 100644
--- a/init/selinux.h
+++ b/init/selinux.h
@@ -14,11 +14,7 @@
* limitations under the License.
*/
-#ifndef _INIT_SELINUX_H
-#define _INIT_SELINUX_H
-
-#include <string>
-#include <vector>
+#pragma once
namespace android {
namespace init {
@@ -29,15 +25,7 @@
void SelinuxSetupKernelLogging();
int SelinuxGetVendorAndroidVersion();
-void SelabelInitialize();
-bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
-bool SelabelLookupFileContextBestMatch(const std::string& key,
- const std::vector<std::string>& aliases, int type,
- std::string* result);
-
static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT";
} // namespace init
} // namespace android
-
-#endif
diff --git a/init/service.cpp b/init/service.cpp
index 6887d7b..8fe5b30 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -21,12 +21,10 @@
#include <linux/input.h>
#include <linux/securebits.h>
#include <sched.h>
-#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/time.h>
-#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>
@@ -36,7 +34,6 @@
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
-#include <android-base/unique_fd.h>
#include <hidl-util/FQName.h>
#include <processgroup/processgroup.h>
#include <selinux/selinux.h>
@@ -46,6 +43,7 @@
#include "util.h"
#if defined(__ANDROID__)
+#include <ApexProperties.sysprop.h>
#include <android/api-level.h>
#include <sys/system_properties.h>
@@ -64,7 +62,6 @@
using android::base::Split;
using android::base::StartsWith;
using android::base::StringPrintf;
-using android::base::unique_fd;
using android::base::WriteStringToFile;
namespace android {
@@ -106,87 +103,6 @@
return computed_context;
}
-Result<Success> Service::SetUpMountNamespace() const {
- constexpr unsigned int kSafeFlags = MS_NODEV | MS_NOEXEC | MS_NOSUID;
-
- // Recursively remount / as slave like zygote does so unmounting and mounting /proc
- // doesn't interfere with the parent namespace's /proc mount. This will also
- // prevent any other mounts/unmounts initiated by the service from interfering
- // with the parent namespace but will still allow mount events from the parent
- // namespace to propagate to the child.
- if (mount("rootfs", "/", nullptr, (MS_SLAVE | MS_REC), nullptr) == -1) {
- return ErrnoError() << "Could not remount(/) recursively as slave";
- }
-
- // umount() then mount() /proc and/or /sys
- // Note that it is not sufficient to mount with MS_REMOUNT.
- if (namespace_flags_ & CLONE_NEWPID) {
- if (umount("/proc") == -1) {
- return ErrnoError() << "Could not umount(/proc)";
- }
- if (mount("", "/proc", "proc", kSafeFlags, "") == -1) {
- return ErrnoError() << "Could not mount(/proc)";
- }
- }
- bool remount_sys = std::any_of(namespaces_to_enter_.begin(), namespaces_to_enter_.end(),
- [](const auto& entry) { return entry.first == CLONE_NEWNET; });
- if (remount_sys) {
- if (umount2("/sys", MNT_DETACH) == -1) {
- return ErrnoError() << "Could not umount(/sys)";
- }
- if (mount("", "/sys", "sysfs", kSafeFlags, "") == -1) {
- return ErrnoError() << "Could not mount(/sys)";
- }
- }
- return Success();
-}
-
-Result<Success> Service::SetUpPidNamespace() const {
- if (prctl(PR_SET_NAME, name_.c_str()) == -1) {
- return ErrnoError() << "Could not set name";
- }
-
- pid_t child_pid = fork();
- if (child_pid == -1) {
- return ErrnoError() << "Could not fork init inside the PID namespace";
- }
-
- if (child_pid > 0) {
- // So that we exit with the right status.
- static int init_exitstatus = 0;
- signal(SIGTERM, [](int) { _exit(init_exitstatus); });
-
- pid_t waited_pid;
- int status;
- while ((waited_pid = wait(&status)) > 0) {
- // This loop will end when there are no processes left inside the
- // PID namespace or when the init process inside the PID namespace
- // gets a signal.
- if (waited_pid == child_pid) {
- init_exitstatus = status;
- }
- }
- if (!WIFEXITED(init_exitstatus)) {
- _exit(EXIT_FAILURE);
- }
- _exit(WEXITSTATUS(init_exitstatus));
- }
- return Success();
-}
-
-Result<Success> Service::EnterNamespaces() const {
- for (const auto& [nstype, path] : namespaces_to_enter_) {
- auto fd = unique_fd{open(path.c_str(), O_RDONLY | O_CLOEXEC)};
- if (fd == -1) {
- return ErrnoError() << "Could not open namespace at " << path;
- }
- if (setns(fd, nstype) == -1) {
- return ErrnoError() << "Could not setns() namespace at " << path;
- }
- }
- return Success();
-}
-
static bool ExpandArgsAndExecv(const std::vector<std::string>& args, bool sigstop) {
std::vector<std::string> expanded_args;
std::vector<char*> c_strings;
@@ -229,16 +145,16 @@
flags_(flags),
pid_(0),
crash_count_(0),
- uid_(uid),
- gid_(gid),
- supp_gids_(supp_gids),
- namespace_flags_(namespace_flags),
+ proc_attr_{.ioprio_class = IoSchedClass_NONE,
+ .ioprio_pri = 0,
+ .uid = uid,
+ .gid = gid,
+ .supp_gids = supp_gids,
+ .priority = 0},
+ namespaces_{.flags = namespace_flags},
seclabel_(seclabel),
onrestart_(false, subcontext_for_restart_commands, "<Service '" + name + "' onrestart>", 0,
"onrestart", {}),
- ioprio_class_(IoSchedClass_NONE),
- ioprio_pri_(0),
- priority_(0),
oom_score_adjust_(-1000),
start_order_(0),
args_(args) {}
@@ -271,24 +187,18 @@
<< ") process group...";
int r;
if (signal == SIGTERM) {
- r = killProcessGroupOnce(uid_, pid_, signal);
+ r = killProcessGroupOnce(proc_attr_.uid, pid_, signal);
} else {
- r = killProcessGroup(uid_, pid_, signal);
+ r = killProcessGroup(proc_attr_.uid, pid_, signal);
}
if (r == 0) process_cgroup_empty_ = true;
}
}
-void Service::SetProcessAttributes() {
- for (const auto& rlimit : rlimits_) {
- if (setrlimit(rlimit.first, &rlimit.second) == -1) {
- LOG(FATAL) << StringPrintf("setrlimit(%d, {rlim_cur=%ld, rlim_max=%ld}) failed",
- rlimit.first, rlimit.second.rlim_cur, rlimit.second.rlim_max);
- }
- }
+void Service::SetProcessAttributesAndCaps() {
// Keep capabilites on uid change.
- if (capabilities_ && uid_) {
+ if (capabilities_ && proc_attr_.uid) {
// If Android is running in a container, some securebits might already
// be locked, so don't change those.
unsigned long securebits = prctl(PR_GET_SECUREBITS);
@@ -301,37 +211,21 @@
}
}
- // TODO: work out why this fails for `console` then upgrade to FATAL.
- if (setpgid(0, getpid()) == -1) PLOG(ERROR) << "setpgid failed for " << name_;
+ if (auto result = SetProcessAttributes(proc_attr_); !result) {
+ LOG(FATAL) << "cannot set attribute for " << name_ << ": " << result.error();
+ }
- if (gid_) {
- if (setgid(gid_) != 0) {
- PLOG(FATAL) << "setgid failed for " << name_;
- }
- }
- if (setgroups(supp_gids_.size(), &supp_gids_[0]) != 0) {
- PLOG(FATAL) << "setgroups failed for " << name_;
- }
- if (uid_) {
- if (setuid(uid_) != 0) {
- PLOG(FATAL) << "setuid failed for " << name_;
- }
- }
if (!seclabel_.empty()) {
if (setexeccon(seclabel_.c_str()) < 0) {
PLOG(FATAL) << "cannot setexeccon('" << seclabel_ << "') for " << name_;
}
}
- if (priority_ != 0) {
- if (setpriority(PRIO_PROCESS, 0, priority_) != 0) {
- PLOG(FATAL) << "setpriority failed for " << name_;
- }
- }
+
if (capabilities_) {
if (!SetCapsForExec(*capabilities_)) {
LOG(FATAL) << "cannot set capabilities for " << name_;
}
- } else if (uid_) {
+ } else if (proc_attr_.uid) {
// Inheritable caps can be non-zero when running in a container.
if (!DropInheritableCaps()) {
LOG(FATAL) << "cannot drop inheritable caps for " << name_;
@@ -372,10 +266,17 @@
return;
}
+#if defined(__ANDROID__)
+ static bool is_apex_updatable = android::sysprop::ApexProperties::updatable().value_or(false);
+#else
+ static bool is_apex_updatable = false;
+#endif
+ const bool is_process_updatable = !pre_apexd_ && is_apex_updatable;
+
// If we crash > 4 times in 4 minutes or before boot_completed,
// reboot into bootloader or set crashing property
boot_clock::time_point now = boot_clock::now();
- if (((flags_ & SVC_CRITICAL) || !pre_apexd_) && !(flags_ & SVC_RESTART)) {
+ if (((flags_ & SVC_CRITICAL) || is_process_updatable) && !(flags_ & SVC_RESTART)) {
bool boot_completed = android::base::GetBoolProperty("sys.boot_completed", false);
if (now < time_crashed_ + 4min || !boot_completed) {
if (++crash_count_ > 4) {
@@ -450,7 +351,7 @@
Result<Success> Service::ParseConsole(std::vector<std::string>&& args) {
flags_ |= SVC_CONSOLE;
- console_ = args.size() > 1 ? "/dev/" + args[1] : "";
+ proc_attr_.console = args.size() > 1 ? "/dev/" + args[1] : "";
return Success();
}
@@ -469,13 +370,13 @@
if (args[1] != "net") {
return Error() << "Init only supports entering network namespaces";
}
- if (!namespaces_to_enter_.empty()) {
+ if (!namespaces_.namespaces_to_enter.empty()) {
return Error() << "Only one network namespace may be entered";
}
// Network namespaces require that /sys is remounted, otherwise the old adapters will still be
// present. Therefore, they also require mount namespaces.
- namespace_flags_ |= CLONE_NEWNS;
- namespaces_to_enter_.emplace_back(CLONE_NEWNET, std::move(args[2]));
+ namespaces_.flags |= CLONE_NEWNS;
+ namespaces_.namespaces_to_enter.emplace_back(CLONE_NEWNET, std::move(args[2]));
return Success();
}
@@ -484,22 +385,22 @@
if (!gid) {
return Error() << "Unable to decode GID for '" << args[1] << "': " << gid.error();
}
- gid_ = *gid;
+ proc_attr_.gid = *gid;
for (std::size_t n = 2; n < args.size(); n++) {
gid = DecodeUid(args[n]);
if (!gid) {
return Error() << "Unable to decode GID for '" << args[n] << "': " << gid.error();
}
- supp_gids_.emplace_back(*gid);
+ proc_attr_.supp_gids.emplace_back(*gid);
}
return Success();
}
Result<Success> Service::ParsePriority(std::vector<std::string>&& args) {
- priority_ = 0;
- if (!ParseInt(args[1], &priority_,
- static_cast<int>(ANDROID_PRIORITY_HIGHEST), // highest is negative
+ proc_attr_.priority = 0;
+ if (!ParseInt(args[1], &proc_attr_.priority,
+ static_cast<int>(ANDROID_PRIORITY_HIGHEST), // highest is negative
static_cast<int>(ANDROID_PRIORITY_LOWEST))) {
return Error() << StringPrintf("process priority value must be range %d - %d",
ANDROID_PRIORITY_HIGHEST, ANDROID_PRIORITY_LOWEST);
@@ -539,16 +440,16 @@
}
Result<Success> Service::ParseIoprio(std::vector<std::string>&& args) {
- if (!ParseInt(args[2], &ioprio_pri_, 0, 7)) {
+ if (!ParseInt(args[2], &proc_attr_.ioprio_pri, 0, 7)) {
return Error() << "priority value must be range 0 - 7";
}
if (args[1] == "rt") {
- ioprio_class_ = IoSchedClass_RT;
+ proc_attr_.ioprio_class = IoSchedClass_RT;
} else if (args[1] == "be") {
- ioprio_class_ = IoSchedClass_BE;
+ proc_attr_.ioprio_class = IoSchedClass_BE;
} else if (args[1] == "idle") {
- ioprio_class_ = IoSchedClass_IDLE;
+ proc_attr_.ioprio_class = IoSchedClass_IDLE;
} else {
return Error() << "ioprio option usage: ioprio <rt|be|idle> <0-7>";
}
@@ -605,11 +506,11 @@
Result<Success> Service::ParseNamespace(std::vector<std::string>&& args) {
for (size_t i = 1; i < args.size(); i++) {
if (args[i] == "pid") {
- namespace_flags_ |= CLONE_NEWPID;
+ namespaces_.flags |= CLONE_NEWPID;
// PID namespaces require mount namespaces.
- namespace_flags_ |= CLONE_NEWNS;
+ namespaces_.flags |= CLONE_NEWNS;
} else if (args[i] == "mnt") {
- namespace_flags_ |= CLONE_NEWNS;
+ namespaces_.flags |= CLONE_NEWNS;
} else {
return Error() << "namespace must be 'pid' or 'mnt'";
}
@@ -666,7 +567,7 @@
auto rlimit = ParseRlimit(args);
if (!rlimit) return rlimit.error();
- rlimits_.emplace_back(*rlimit);
+ proc_attr_.rlimits.emplace_back(*rlimit);
return Success();
}
@@ -776,7 +677,7 @@
if (!uid) {
return Error() << "Unable to find UID for '" << args[1] << "': " << uid.error();
}
- uid_ = *uid;
+ proc_attr_.uid = *uid;
return Success();
}
@@ -877,8 +778,8 @@
flags_ |= SVC_EXEC;
is_exec_service_running_ = true;
- LOG(INFO) << "SVC_EXEC service '" << name_ << "' pid " << pid_ << " (uid " << uid_ << " gid "
- << gid_ << "+" << supp_gids_.size() << " context "
+ LOG(INFO) << "SVC_EXEC service '" << name_ << "' pid " << pid_ << " (uid " << proc_attr_.uid
+ << " gid " << proc_attr_.gid << "+" << proc_attr_.supp_gids.size() << " context "
<< (!seclabel_.empty() ? seclabel_ : "default") << ") started; waiting...";
return Success();
@@ -912,16 +813,16 @@
bool needs_console = (flags_ & SVC_CONSOLE);
if (needs_console) {
- if (console_.empty()) {
- console_ = default_console;
+ if (proc_attr_.console.empty()) {
+ proc_attr_.console = default_console;
}
// Make sure that open call succeeds to ensure a console driver is
// properly registered for the device node
- int console_fd = open(console_.c_str(), O_RDWR | O_CLOEXEC);
+ int console_fd = open(proc_attr_.console.c_str(), O_RDWR | O_CLOEXEC);
if (console_fd < 0) {
flags_ |= SVC_DISABLED;
- return ErrnoError() << "Couldn't open console '" << console_ << "'";
+ return ErrnoError() << "Couldn't open console '" << proc_attr_.console << "'";
}
close(console_fd);
}
@@ -956,8 +857,8 @@
LOG(INFO) << "starting service '" << name_ << "'...";
pid_t pid = -1;
- if (namespace_flags_) {
- pid = clone(nullptr, nullptr, namespace_flags_ | SIGCHLD, nullptr);
+ if (namespaces_.flags) {
+ pid = clone(nullptr, nullptr, namespaces_.flags | SIGCHLD, nullptr);
} else {
pid = fork();
}
@@ -965,33 +866,9 @@
if (pid == 0) {
umask(077);
- if (auto result = EnterNamespaces(); !result) {
- LOG(FATAL) << "Service '" << name_ << "' could not enter namespaces: " << result.error();
- }
-
-#if defined(__ANDROID__)
- if (pre_apexd_) {
- if (!SwitchToBootstrapMountNamespaceIfNeeded()) {
- LOG(FATAL) << "Service '" << name_ << "' could not enter "
- << "into the bootstrap mount namespace";
- }
- }
-#endif
-
- if (namespace_flags_ & CLONE_NEWNS) {
- if (auto result = SetUpMountNamespace(); !result) {
- LOG(FATAL) << "Service '" << name_
- << "' could not set up mount namespace: " << result.error();
- }
- }
-
- if (namespace_flags_ & CLONE_NEWPID) {
- // This will fork again to run an init process inside the PID
- // namespace.
- if (auto result = SetUpPidNamespace(); !result) {
- LOG(FATAL) << "Service '" << name_
- << "' could not set up PID namespace: " << result.error();
- }
+ if (auto result = EnterNamespaces(namespaces_, name_, pre_apexd_); !result) {
+ LOG(FATAL) << "Service '" << name_
+ << "' failed to set up namespaces: " << result.error();
}
for (const auto& [key, value] : environment_vars_) {
@@ -1001,58 +878,13 @@
std::for_each(descriptors_.begin(), descriptors_.end(),
std::bind(&DescriptorInfo::CreateAndPublish, std::placeholders::_1, scon));
- // See if there were "writepid" instructions to write to files under cpuset path.
- std::string cpuset_path;
- if (CgroupGetControllerPath("cpuset", &cpuset_path)) {
- auto cpuset_predicate = [&cpuset_path](const std::string& path) {
- return StartsWith(path, cpuset_path + "/");
- };
- auto iter =
- std::find_if(writepid_files_.begin(), writepid_files_.end(), cpuset_predicate);
- if (iter == writepid_files_.end()) {
- // There were no "writepid" instructions for cpusets, check if the system default
- // cpuset is specified to be used for the process.
- std::string default_cpuset = GetProperty("ro.cpuset.default", "");
- if (!default_cpuset.empty()) {
- // Make sure the cpuset name starts and ends with '/'.
- // A single '/' means the 'root' cpuset.
- if (default_cpuset.front() != '/') {
- default_cpuset.insert(0, 1, '/');
- }
- if (default_cpuset.back() != '/') {
- default_cpuset.push_back('/');
- }
- writepid_files_.push_back(
- StringPrintf("%s%stasks", cpuset_path.c_str(), default_cpuset.c_str()));
- }
- }
- } else {
- LOG(ERROR) << "cpuset cgroup controller is not mounted!";
- }
- std::string pid_str = std::to_string(getpid());
- for (const auto& file : writepid_files_) {
- if (!WriteStringToFile(pid_str, file)) {
- PLOG(ERROR) << "couldn't write " << pid_str << " to " << file;
- }
- }
-
- if (ioprio_class_ != IoSchedClass_NONE) {
- if (android_set_ioprio(getpid(), ioprio_class_, ioprio_pri_)) {
- PLOG(ERROR) << "failed to set pid " << getpid()
- << " ioprio=" << ioprio_class_ << "," << ioprio_pri_;
- }
- }
-
- if (needs_console) {
- setsid();
- OpenConsole();
- } else {
- ZapStdio();
+ if (auto result = WritePidToFiles(&writepid_files_); !result) {
+ LOG(ERROR) << "failed to write pid to files: " << result.error();
}
// As requested, set our gid, supplemental gids, uid, context, and
// priority. Aborts on failure.
- SetProcessAttributes();
+ SetProcessAttributesAndCaps();
if (!ExpandArgsAndExecv(args_, sigstop_)) {
PLOG(ERROR) << "cannot execve('" << args_[0] << "')";
@@ -1082,19 +914,19 @@
bool use_memcg = swappiness_ != -1 || soft_limit_in_bytes_ != -1 || limit_in_bytes_ != -1 ||
limit_percent_ != -1 || !limit_property_.empty();
- errno = -createProcessGroup(uid_, pid_, use_memcg);
+ errno = -createProcessGroup(proc_attr_.uid, pid_, use_memcg);
if (errno != 0) {
- PLOG(ERROR) << "createProcessGroup(" << uid_ << ", " << pid_ << ") failed for service '"
- << name_ << "'";
+ PLOG(ERROR) << "createProcessGroup(" << proc_attr_.uid << ", " << pid_
+ << ") failed for service '" << name_ << "'";
} else if (use_memcg) {
if (swappiness_ != -1) {
- if (!setProcessGroupSwappiness(uid_, pid_, swappiness_)) {
+ if (!setProcessGroupSwappiness(proc_attr_.uid, pid_, swappiness_)) {
PLOG(ERROR) << "setProcessGroupSwappiness failed";
}
}
if (soft_limit_in_bytes_ != -1) {
- if (!setProcessGroupSoftLimit(uid_, pid_, soft_limit_in_bytes_)) {
+ if (!setProcessGroupSoftLimit(proc_attr_.uid, pid_, soft_limit_in_bytes_)) {
PLOG(ERROR) << "setProcessGroupSoftLimit failed";
}
}
@@ -1121,7 +953,7 @@
}
if (computed_limit_in_bytes != size_t(-1)) {
- if (!setProcessGroupLimit(uid_, pid_, computed_limit_in_bytes)) {
+ if (!setProcessGroupLimit(proc_attr_.uid, pid_, computed_limit_in_bytes)) {
PLOG(ERROR) << "setProcessGroupLimit failed";
}
}
@@ -1241,25 +1073,6 @@
}
}
-void Service::ZapStdio() const {
- int fd;
- fd = open("/dev/null", O_RDWR);
- dup2(fd, 0);
- dup2(fd, 1);
- dup2(fd, 2);
- close(fd);
-}
-
-void Service::OpenConsole() const {
- int fd = open(console_.c_str(), O_RDWR);
- if (fd == -1) fd = open("/dev/null", O_RDWR);
- ioctl(fd, TIOCSCTTY, 0);
- dup2(fd, 0);
- dup2(fd, 1);
- dup2(fd, 2);
- close(fd);
-}
-
ServiceList::ServiceList() {}
ServiceList& ServiceList::GetInstance() {
diff --git a/init/service.h b/init/service.h
index ae29f28..93b5a5c 100644
--- a/init/service.h
+++ b/init/service.h
@@ -36,6 +36,7 @@
#include "descriptors.h"
#include "keyword_map.h"
#include "parser.h"
+#include "service_utils.h"
#include "subcontext.h"
#define SVC_DISABLED 0x001 // do not autostart with class
@@ -107,16 +108,16 @@
pid_t pid() const { return pid_; }
android::base::boot_clock::time_point time_started() const { return time_started_; }
int crash_count() const { return crash_count_; }
- uid_t uid() const { return uid_; }
- gid_t gid() const { return gid_; }
- unsigned namespace_flags() const { return namespace_flags_; }
- const std::vector<gid_t>& supp_gids() const { return supp_gids_; }
+ uid_t uid() const { return proc_attr_.uid; }
+ gid_t gid() const { return proc_attr_.gid; }
+ unsigned namespace_flags() const { return namespaces_.flags; }
+ const std::vector<gid_t>& supp_gids() const { return proc_attr_.supp_gids; }
const std::string& seclabel() const { return seclabel_; }
const std::vector<int>& keycodes() const { return keycodes_; }
- IoSchedClass ioprio_class() const { return ioprio_class_; }
- int ioprio_pri() const { return ioprio_pri_; }
+ IoSchedClass ioprio_class() const { return proc_attr_.ioprio_class; }
+ int ioprio_pri() const { return proc_attr_.ioprio_pri; }
const std::set<std::string>& interfaces() const { return interfaces_; }
- int priority() const { return priority_; }
+ int priority() const { return proc_attr_.priority; }
int oom_score_adjust() const { return oom_score_adjust_; }
bool is_override() const { return override_; }
bool process_cgroup_empty() const { return process_cgroup_empty_; }
@@ -132,15 +133,10 @@
using OptionParser = Result<Success> (Service::*)(std::vector<std::string>&& args);
class OptionParserMap;
- Result<Success> SetUpMountNamespace() const;
- Result<Success> SetUpPidNamespace() const;
- Result<Success> EnterNamespaces() const;
void NotifyStateChange(const std::string& new_state) const;
void StopOrReset(int how);
- void ZapStdio() const;
- void OpenConsole() const;
void KillProcessGroup(int signal);
- void SetProcessAttributes();
+ void SetProcessAttributesAndCaps();
Result<Success> ParseCapabilities(std::vector<std::string>&& args);
Result<Success> ParseClass(std::vector<std::string>&& args);
@@ -184,7 +180,6 @@
std::string name_;
std::set<std::string> classnames_;
- std::string console_;
unsigned flags_;
pid_t pid_;
@@ -192,13 +187,9 @@
android::base::boot_clock::time_point time_crashed_; // first crash within inspection window
int crash_count_; // number of times crashed within window
- uid_t uid_;
- gid_t gid_;
- std::vector<gid_t> supp_gids_;
std::optional<CapSet> capabilities_;
- unsigned namespace_flags_;
- // Pair of namespace type, path to namespace.
- std::vector<std::pair<int, std::string>> namespaces_to_enter_;
+ ProcessAttributes proc_attr_;
+ NamespaceInfo namespaces_;
std::string seclabel_;
@@ -214,10 +205,6 @@
// keycodes for triggering this service via /dev/input/input*
std::vector<int> keycodes_;
- IoSchedClass ioprio_class_;
- int ioprio_pri_;
- int priority_;
-
int oom_score_adjust_;
int swappiness_ = -1;
@@ -233,8 +220,6 @@
unsigned long start_order_;
- std::vector<std::pair<int, rlimit>> rlimits_;
-
bool sigstop_ = false;
std::chrono::seconds restart_period_ = 5s;
diff --git a/init/service_utils.cpp b/init/service_utils.cpp
new file mode 100644
index 0000000..17fc9c8
--- /dev/null
+++ b/init/service_utils.cpp
@@ -0,0 +1,265 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "service_utils.h"
+
+#include <grp.h>
+#include <sys/mount.h>
+#include <sys/prctl.h>
+#include <sys/wait.h>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/properties.h>
+#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
+#include <android-base/unique_fd.h>
+#include <processgroup/processgroup.h>
+
+#include "mount_namespace.h"
+
+using android::base::GetProperty;
+using android::base::StartsWith;
+using android::base::StringPrintf;
+using android::base::unique_fd;
+using android::base::WriteStringToFile;
+
+namespace android {
+namespace init {
+
+namespace {
+
+Result<Success> EnterNamespace(int nstype, const char* path) {
+ auto fd = unique_fd{open(path, O_RDONLY | O_CLOEXEC)};
+ if (fd == -1) {
+ return ErrnoError() << "Could not open namespace at " << path;
+ }
+ if (setns(fd, nstype) == -1) {
+ return ErrnoError() << "Could not setns() namespace at " << path;
+ }
+ return Success();
+}
+
+Result<Success> SetUpMountNamespace(bool remount_proc, bool remount_sys) {
+ constexpr unsigned int kSafeFlags = MS_NODEV | MS_NOEXEC | MS_NOSUID;
+
+ // Recursively remount / as slave like zygote does so unmounting and mounting /proc
+ // doesn't interfere with the parent namespace's /proc mount. This will also
+ // prevent any other mounts/unmounts initiated by the service from interfering
+ // with the parent namespace but will still allow mount events from the parent
+ // namespace to propagate to the child.
+ if (mount("rootfs", "/", nullptr, (MS_SLAVE | MS_REC), nullptr) == -1) {
+ return ErrnoError() << "Could not remount(/) recursively as slave";
+ }
+
+ // umount() then mount() /proc and/or /sys
+ // Note that it is not sufficient to mount with MS_REMOUNT.
+ if (remount_proc) {
+ if (umount("/proc") == -1) {
+ return ErrnoError() << "Could not umount(/proc)";
+ }
+ if (mount("", "/proc", "proc", kSafeFlags, "") == -1) {
+ return ErrnoError() << "Could not mount(/proc)";
+ }
+ }
+ if (remount_sys) {
+ if (umount2("/sys", MNT_DETACH) == -1) {
+ return ErrnoError() << "Could not umount(/sys)";
+ }
+ if (mount("", "/sys", "sysfs", kSafeFlags, "") == -1) {
+ return ErrnoError() << "Could not mount(/sys)";
+ }
+ }
+ return Success();
+}
+
+Result<Success> SetUpPidNamespace(const char* name) {
+ if (prctl(PR_SET_NAME, name) == -1) {
+ return ErrnoError() << "Could not set name";
+ }
+
+ pid_t child_pid = fork();
+ if (child_pid == -1) {
+ return ErrnoError() << "Could not fork init inside the PID namespace";
+ }
+
+ if (child_pid > 0) {
+ // So that we exit with the right status.
+ static int init_exitstatus = 0;
+ signal(SIGTERM, [](int) { _exit(init_exitstatus); });
+
+ pid_t waited_pid;
+ int status;
+ while ((waited_pid = wait(&status)) > 0) {
+ // This loop will end when there are no processes left inside the
+ // PID namespace or when the init process inside the PID namespace
+ // gets a signal.
+ if (waited_pid == child_pid) {
+ init_exitstatus = status;
+ }
+ }
+ if (!WIFEXITED(init_exitstatus)) {
+ _exit(EXIT_FAILURE);
+ }
+ _exit(WEXITSTATUS(init_exitstatus));
+ }
+ return Success();
+}
+
+void ZapStdio() {
+ int fd;
+ fd = open("/dev/null", O_RDWR);
+ dup2(fd, 0);
+ dup2(fd, 1);
+ dup2(fd, 2);
+ close(fd);
+}
+
+void OpenConsole(const std::string& console) {
+ int fd = open(console.c_str(), O_RDWR);
+ if (fd == -1) fd = open("/dev/null", O_RDWR);
+ ioctl(fd, TIOCSCTTY, 0);
+ dup2(fd, 0);
+ dup2(fd, 1);
+ dup2(fd, 2);
+ close(fd);
+}
+
+} // namespace
+
+Result<Success> EnterNamespaces(const NamespaceInfo& info, const std::string& name,
+ bool pre_apexd) {
+ for (const auto& [nstype, path] : info.namespaces_to_enter) {
+ if (auto result = EnterNamespace(nstype, path.c_str()); !result) {
+ return result;
+ }
+ }
+
+#if defined(__ANDROID__)
+ if (pre_apexd) {
+ if (!SwitchToBootstrapMountNamespaceIfNeeded()) {
+ return Error() << "could not enter into the bootstrap mount namespace";
+ }
+ }
+#endif
+
+ if (info.flags & CLONE_NEWNS) {
+ bool remount_proc = info.flags & CLONE_NEWPID;
+ bool remount_sys =
+ std::any_of(info.namespaces_to_enter.begin(), info.namespaces_to_enter.end(),
+ [](const auto& entry) { return entry.first == CLONE_NEWNET; });
+ if (auto result = SetUpMountNamespace(remount_proc, remount_sys); !result) {
+ return result;
+ }
+ }
+
+ if (info.flags & CLONE_NEWPID) {
+ // This will fork again to run an init process inside the PID namespace.
+ if (auto result = SetUpPidNamespace(name.c_str()); !result) {
+ return result;
+ }
+ }
+
+ return Success();
+}
+
+Result<Success> SetProcessAttributes(const ProcessAttributes& attr) {
+ if (attr.ioprio_class != IoSchedClass_NONE) {
+ if (android_set_ioprio(getpid(), attr.ioprio_class, attr.ioprio_pri)) {
+ PLOG(ERROR) << "failed to set pid " << getpid() << " ioprio=" << attr.ioprio_class
+ << "," << attr.ioprio_pri;
+ }
+ }
+
+ if (!attr.console.empty()) {
+ setsid();
+ OpenConsole(attr.console);
+ } else {
+ if (setpgid(0, getpid()) == -1) {
+ return ErrnoError() << "setpgid failed";
+ }
+ ZapStdio();
+ }
+
+ for (const auto& rlimit : attr.rlimits) {
+ if (setrlimit(rlimit.first, &rlimit.second) == -1) {
+ return ErrnoError() << StringPrintf(
+ "setrlimit(%d, {rlim_cur=%ld, rlim_max=%ld}) failed", rlimit.first,
+ rlimit.second.rlim_cur, rlimit.second.rlim_max);
+ }
+ }
+
+ if (attr.gid) {
+ if (setgid(attr.gid) != 0) {
+ return ErrnoError() << "setgid failed";
+ }
+ }
+ if (setgroups(attr.supp_gids.size(), const_cast<gid_t*>(&attr.supp_gids[0])) != 0) {
+ return ErrnoError() << "setgroups failed";
+ }
+ if (attr.uid) {
+ if (setuid(attr.uid) != 0) {
+ return ErrnoError() << "setuid failed";
+ }
+ }
+
+ if (attr.priority != 0) {
+ if (setpriority(PRIO_PROCESS, 0, attr.priority) != 0) {
+ return ErrnoError() << "setpriority failed";
+ }
+ }
+ return Success();
+}
+
+Result<Success> WritePidToFiles(std::vector<std::string>* files) {
+ // See if there were "writepid" instructions to write to files under cpuset path.
+ std::string cpuset_path;
+ if (CgroupGetControllerPath("cpuset", &cpuset_path)) {
+ auto cpuset_predicate = [&cpuset_path](const std::string& path) {
+ return StartsWith(path, cpuset_path + "/");
+ };
+ auto iter = std::find_if(files->begin(), files->end(), cpuset_predicate);
+ if (iter == files->end()) {
+ // There were no "writepid" instructions for cpusets, check if the system default
+ // cpuset is specified to be used for the process.
+ std::string default_cpuset = GetProperty("ro.cpuset.default", "");
+ if (!default_cpuset.empty()) {
+ // Make sure the cpuset name starts and ends with '/'.
+ // A single '/' means the 'root' cpuset.
+ if (default_cpuset.front() != '/') {
+ default_cpuset.insert(0, 1, '/');
+ }
+ if (default_cpuset.back() != '/') {
+ default_cpuset.push_back('/');
+ }
+ files->push_back(
+ StringPrintf("%s%stasks", cpuset_path.c_str(), default_cpuset.c_str()));
+ }
+ }
+ } else {
+ LOG(ERROR) << "cpuset cgroup controller is not mounted!";
+ }
+ std::string pid_str = std::to_string(getpid());
+ for (const auto& file : *files) {
+ if (!WriteStringToFile(pid_str, file)) {
+ return ErrnoError() << "couldn't write " << pid_str << " to " << file;
+ }
+ }
+ return Success();
+}
+
+} // namespace init
+} // namespace android
diff --git a/init/service_utils.h b/init/service_utils.h
new file mode 100644
index 0000000..f7502a9
--- /dev/null
+++ b/init/service_utils.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <sys/resource.h>
+#include <sys/types.h>
+
+#include <string>
+#include <vector>
+
+#include <cutils/iosched_policy.h>
+
+#include "result.h"
+
+namespace android {
+namespace init {
+
+struct NamespaceInfo {
+ unsigned flags;
+ // Pair of namespace type, path to name.
+ std::vector<std::pair<int, std::string>> namespaces_to_enter;
+};
+Result<Success> EnterNamespaces(const NamespaceInfo& info, const std::string& name, bool pre_apexd);
+
+struct ProcessAttributes {
+ std::string console;
+ IoSchedClass ioprio_class;
+ int ioprio_pri;
+ std::vector<std::pair<int, rlimit>> rlimits;
+ uid_t uid;
+ gid_t gid;
+ std::vector<gid_t> supp_gids;
+ int priority;
+};
+Result<Success> SetProcessAttributes(const ProcessAttributes& attr);
+
+Result<Success> WritePidToFiles(std::vector<std::string>* files);
+
+} // namespace init
+} // namespace android
diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 467b0d2..f9eb83d 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -32,6 +32,7 @@
#if defined(__ANDROID__)
#include <android/api-level.h>
#include "property_service.h"
+#include "selabel.h"
#include "selinux.h"
#else
#include "host_init_stubs.h"
diff --git a/init/ueventd.cpp b/init/ueventd.cpp
index 399ea4c..d700c46 100644
--- a/init/ueventd.cpp
+++ b/init/ueventd.cpp
@@ -37,6 +37,7 @@
#include "devices.h"
#include "firmware_handler.h"
#include "modalias_handler.h"
+#include "selabel.h"
#include "selinux.h"
#include "uevent_handler.h"
#include "uevent_listener.h"
diff --git a/init/util.cpp b/init/util.cpp
index 29d7a76..243e5f0 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -40,7 +40,8 @@
#include <selinux/android.h>
#if defined(__ANDROID__)
-#include "selinux.h"
+#include "reboot_utils.h"
+#include "selabel.h"
#else
#include "host_init_stubs.h"
#endif
@@ -425,20 +426,50 @@
return true;
}
-void InitKernelLogging(char** argv, std::function<void(const char*)> abort_function) {
+static void InitAborter(const char* abort_message) {
+ // When init forks, it continues to use this aborter for LOG(FATAL), but we want children to
+ // simply abort instead of trying to reboot the system.
+ if (getpid() != 1) {
+ android::base::DefaultAborter(abort_message);
+ return;
+ }
+
+ InitFatalReboot();
+}
+
+// The kernel opens /dev/console and uses that fd for stdin/stdout/stderr if there is a serial
+// console enabled and no initramfs, otherwise it does not provide any fds for stdin/stdout/stderr.
+// SetStdioToDevNull() is used to close these existing fds if they exist and replace them with
+// /dev/null regardless.
+//
+// In the case that these fds are provided by the kernel, the exec of second stage init causes an
+// SELinux denial as it does not have access to /dev/console. In the case that they are not
+// provided, exec of any further process is potentially dangerous as the first fd's opened by that
+// process will take the stdin/stdout/stderr fileno's, which can cause issues if printf(), etc is
+// then used by that process.
+//
+// Lastly, simply calling SetStdioToDevNull() in first stage init is not enough, since first
+// stage init still runs in kernel context, future child processes will not have permissions to
+// access any fds that it opens, including the one opened below for /dev/null. Therefore,
+// SetStdioToDevNull() must be called again in second stage init.
+void SetStdioToDevNull(char** argv) {
// Make stdin/stdout/stderr all point to /dev/null.
int fd = open("/dev/null", O_RDWR);
if (fd == -1) {
int saved_errno = errno;
- android::base::InitLogging(argv, &android::base::KernelLogger, std::move(abort_function));
+ android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter);
errno = saved_errno;
PLOG(FATAL) << "Couldn't open /dev/null";
}
- dup2(fd, 0);
- dup2(fd, 1);
- dup2(fd, 2);
- if (fd > 2) close(fd);
- android::base::InitLogging(argv, &android::base::KernelLogger, std::move(abort_function));
+ dup2(fd, STDIN_FILENO);
+ dup2(fd, STDOUT_FILENO);
+ dup2(fd, STDERR_FILENO);
+ if (fd > STDERR_FILENO) close(fd);
+}
+
+void InitKernelLogging(char** argv) {
+ SetFatalRebootTarget();
+ android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter);
}
bool IsRecoveryMode() {
diff --git a/init/util.h b/init/util.h
index 2232a0f..767620b 100644
--- a/init/util.h
+++ b/init/util.h
@@ -63,7 +63,8 @@
bool IsLegalPropertyName(const std::string& name);
-void InitKernelLogging(char** argv, std::function<void(const char*)> abort_function);
+void SetStdioToDevNull(char** argv);
+void InitKernelLogging(char** argv);
bool IsRecoveryMode();
} // namespace init
} // namespace android
diff --git a/libappfuse/FuseBridgeLoop.cc b/libappfuse/FuseBridgeLoop.cc
index ac94e69..f1ca446 100644
--- a/libappfuse/FuseBridgeLoop.cc
+++ b/libappfuse/FuseBridgeLoop.cc
@@ -353,8 +353,8 @@
}
if (entry->IsClosing()) {
const int mount_id = entry->mount_id();
- callback->OnClosed(mount_id);
bridges_.erase(mount_id);
+ callback->OnClosed(mount_id);
if (bridges_.size() == 0) {
// All bridges are now closed.
return false;